Your API keys work through AI agents without ever being exposed. All the convenience of pasting secrets into Claude. None of the risk.
npx phantom-secrets init
You paste API keys into Claude Code. You let Cursor read your .env. You know it's risky — but AI doing your work is worth it. Phantom fixes this.
AI keeps doing everything for you. Your secrets just stop being exposed.
Run phantom init. Real secrets move to your OS keychain (encrypted). Your .env is rewritten with worthless phm_ tokens.
Run phantom exec -- claude. A local proxy starts with fresh session tokens. The AI sees nothing useful.
When code hits an API, the proxy swaps the phantom token for your real credential and forwards over TLS. Your code works perfectly.
phantom sync --platform vercel pushes secrets to deployment. phantom pull onboards a new machine. One source of truth.
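The token substitution described in the init, exec and proxy steps above, sketched as an added example (not Phantom's own code). A dict stands in for the OS keychain; the key-name suffix heuristic, the token length, and the names protect_env and ProxySession are assumptions.

```python
import secrets

PREFIX = "phm_"  # token prefix named on the page; token length here is assumed
SECRET_SUFFIXES = ("_KEY", "_TOKEN", "_SECRET")  # assumed heuristic, not Phantom's detector
# Constructed sample .env; the key value is fake.
SAMPLE_ENV = "# local config\nOPENAI_API_KEY=sk-constructed-0000\nNODE_ENV=development"


def protect_env(env_text, vault):
    """Move secret-looking values into `vault` (a dict standing in for the OS
    keychain) and return the .env text with placeholders in their place."""
    out = []
    for line in env_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and not key.startswith("#") and key.endswith(SECRET_SUFFIXES):
            vault[key] = value.strip()
            line = f"{key}={PREFIX}{secrets.token_hex(8)}"
        out.append(line)
    return "\n".join(out)


class ProxySession:
    """One run of the local proxy: fresh random tokens mapped to vault keys."""

    def __init__(self, vault):
        self._vault = vault
        self._by_token = {PREFIX + secrets.token_hex(16): k for k in vault}

    def child_env(self):
        """Variables handed to the AI tool: real key names, phantom values."""
        return {key: token for token, key in self._by_token.items()}

    def rewrite_header(self, value):
        """Swap a phantom token in an outbound header for the real secret.
        A phm_ token this session did not issue is refused, not forwarded."""
        for token, key in self._by_token.items():
            if token in value:
                return value.replace(token, self._vault[key])
        if PREFIX in value:
            raise PermissionError("unknown or expired phantom token")
        return value


if __name__ == "__main__":
    vault = {}
    print(protect_env(SAMPLE_ENV, vault))
    session = ProxySession(vault)
    token = session.child_env()["OPENAI_API_KEY"]
    print(token, "->", session.rewrite_header(f"Bearer {token}"))
```

A token issued by one ProxySession is refused by the next, which is the property that makes a token leaked into AI logs or context useless after the session ends.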
The full workflow from protecting secrets to deploying them.
Everything you need to let Claude, Cursor, and Copilot use your real API keys safely.
ChaCha20-Poly1305 with Argon2id. OS keychain on macOS/Linux. Encrypted file fallback for CI and Docker.
Fresh phantom tokens every session. If one leaks from AI logs or context, it's already invalid.
Native Claude Code integration. AI manages secrets through MCP tools without ever seeing real values.
phantom check blocks commits containing unprotected secrets. Catches hardcoded keys before they ship.
Push secrets to Vercel and Railway. Pull to onboard new machines. No more copying keys through Slack.
Auto-detects 13+ services from key names. Knows OPENAI_API_KEY from NODE_ENV.
npx phantom-secrets init downloads the right binary. No Rust toolchain needed. 10 seconds.
MIT licensed. Written in Rust. 52 tests. Auditable, forkable, free forever.
phantom env generates .env.example. phantom pull --from vercel imports secrets anywhere.
Two commands. Two minutes. Full AI delegation without the security risk.